Base Score

LOW3.3

CVE-2022-41977

An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

VectorLOCAL

Published Bytalos-cna@cisco.com

Published DateDec 22, 2022, 22:15

Weakness Type (CWE):CWE-125

CVSS Metrics

Base Score

3.3

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Base Severity

LOW

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE

References

Base Score

LOW3.3

Weakness Type (CWE):CWE-125

CVSS Metrics

Base Score

3.3

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Base Severity

LOW

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE